| Index: extensions/browser/api/cast_channel/cast_auth_util.h
|
| diff --git a/extensions/browser/api/cast_channel/cast_auth_util.h b/extensions/browser/api/cast_channel/cast_auth_util.h
|
| index 560f698d2b57430d7071dcae8d5b218426a094d9..07d58445d3f83a2883e1cd1ee0935c1606d7dc90 100644
|
| --- a/extensions/browser/api/cast_channel/cast_auth_util.h
|
| +++ b/extensions/browser/api/cast_channel/cast_auth_util.h
|
| @@ -5,8 +5,13 @@
|
| #ifndef EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
|
| #define EXTENSIONS_BROWSER_API_CAST_CHANNEL_CAST_AUTH_UTIL_H_
|
|
|
| +#include <map>
|
| #include <string>
|
|
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "base/strings/string_piece.h"
|
| +#include "net/base/hash_value.h"
|
| +
|
| namespace extensions {
|
| namespace core_api {
|
| namespace cast_channel {
|
| @@ -52,12 +57,62 @@ struct AuthResult {
|
| int nss_error_code);
|
| };
|
|
|
| +typedef std::map<net::SHA256HashValue,
|
| + base::StringPiece,
|
| + net::SHA256HashValueLessThan> AuthorityKeysMap;
|
| +
|
| +namespace proto {
|
| +
|
| +// Forward declaration to avoid including generated protobuf header.
|
| +class AuthorityKeys;
|
| +
|
| +} // namespace proto
|
| +
|
| +// AuthorityKeyStore is a helper class that is used to store and manipulate
|
| +// intermediate CAs (ICAs) information used to authenticate cast devices.
|
| +// A static list of ICAs is hardcoded and may optionally be replaced during
|
| +// runtime by an extension supplying a protobuf of ICAs information signed with
|
| +// known key.
|
| +class AuthorityKeyStore {
|
| + public:
|
| + AuthorityKeyStore();
|
| + ~AuthorityKeyStore();
|
| +
|
| + // Returns the public key of the ICA whose fingerprint matches |fingerprint|.
|
| + // Returns an empty StringPiece if no such ICA is found.
|
| + // Note: the returned StringPiece is invalidated if Load() is called.
|
| + base::StringPiece GetICAPublicKeyFromFingerprint(
|
| + const net::SHA256HashValue& fingerprint);
|
| +
|
| + // Returns the public key of the default / original cast ICA.
|
| + // Returns an empty StringPiece if the default cast ICA is not found.
|
| + // Note: the returned StringPiece is invalidated if Load() is called.
|
| + base::StringPiece GetDefaultICAPublicKey();
|
| +
|
| + // Replaces stored authority keys with the keys loaded from a serialized
|
| + // protobuf.
|
| + bool Load(const std::string& keys);
|
| +
|
| + private:
|
| + // The map of trusted certificate authorities - fingerprints to public keys.
|
| + AuthorityKeysMap certificate_authorities_;
|
| +
|
| + // Trusted certificate authorities data passed from the extension.
|
| + scoped_ptr<proto::AuthorityKeys> authority_keys_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(AuthorityKeyStore);
|
| +};
|
| +
|
| // Authenticates the given |challenge_reply|:
|
| // 1. Signature contained in the reply is valid.
|
| // 2. Certficate used to sign is rooted to a trusted CA.
|
| AuthResult AuthenticateChallengeReply(const CastMessage& challenge_reply,
|
| const std::string& peer_cert);
|
|
|
| +// Sets trusted certificate authorities.
|
| +bool SetTrustedCertificateAuthorities(const std::string& keys,
|
| + const std::string& signature);
|
| +
|
| } // namespace cast_channel
|
| } // namespace core_api
|
| } // namespace extensions
|
|
|
Chromium Code Reviews
Issue 627573002:
Enable passing cast channel certificate authority keys. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master